thelabdude commented on issue #331:
URL: https://github.com/apache/solr-operator/issues/331#issuecomment-931416876
Rather than polluting the SolrCloud & Prometheus Exporter CRDs with OIDC
config settings, the operator could parse out the `wellKnownUrl` and other
config from a `security.json` provided by the user in a ConfigMap? So then the
CRD structure could look like:
```
spec:
...
solrSecurity:
authenticationType: OIDC
configMap: <user-supplied config map here with a security.json key>
oidc:
clientId: <operator client-id as registered with OIDC>
clientSecretName: <name of k8s secret where operator's client secret
for OIDC is stored>
```
_note: calling it JWT is confusing, this is OIDC, JWT's are more general
purpose and don't require OIDC_
That way, users have full control over the `security.json` and the operator
only needs to add it to ZK. This approach does require users to understand how
to structure the `security.json` for OIDC, but personally, I'd rather not put
that on the operator and having the operator support a user-supplied security
json is a good feature to have anyway.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
